Cisco Support Community

New Member

JDBC and PIX

I have a quick question about configuring a PIX firewall and JDBC. I have two distinct networks running behind a PIX firewall. My webserver, JSPs, and JDBC driver are on one machine (on network 'A') and I have my SQL Server database running on another machine on network 'B'. Now in order to allow my webserver access to the database I have to add a couple of lines to the firewall. One is the 'fixup' line and the other is the 'conduit'. My question is on the fixup line. Do I do a fixup for http or for sqlnet or both? For instance, do I do this...

fixup protocol http 1433

or

fixup protocol sqlnet 1433

I am just trying to figure out what I am doing before I break something;-)

10 REPLIES
Cisco Employee

Re: JDBC and PIX

Hi,

You need fixup protocol sqlnet 1433, as well as a conduit or access-list.

Thanks

Nadeem

New Member

Re: JDBC and PIX

So sqlnet isn't just an Oracle thing? For some reason I was thinking that I was just supposed to use SQLnet when using Oracle databases. Then again, I'm just a software guy, what do I know ;-) Thank you.

Cisco Employee

Re: JDBC and PIX

Hi,

It is for the SQLnet protocol, either from Oracle or from Microsoft.

Thanks

Nadeem

New Member

Re: JDBC and PIX

OK I added the below lines to the PIX config...

fixup protocol sqlnet 1433

conduit permit tcp host 10.0.5.45 eq 1433 host 192.168.100.113

-------------------------------------------

10.0.5.45 is my database server

192.168.100.113 is my webserver

I tested my connection to see if the two computers were able to see each other by telnetting from the webserver...

telnet 10.0.5.45 1433

This just hangs and says "trying 10.0.5.45..."

Am I missing something? If I could telnet from one box to another at least I would know that the boxes could see each other. Any ideas?

Cisco Employee

Re: JDBC and PIX

Hi,

Do you have a static for 10.0.5.45?

I am not sure if you could test this by just telnetting to port 1433. Can you try to see if, by bypassing the firewall, you can get some prompt? Also try to get syslogs from the firewall.

Thanks

Nadeem

New Member

Re: JDBC and PIX

Yes, I set the static IP to 10.0.5.45. I also double checked the SQL Server listening port to see if it is on port 1433. It is.

I can telnet successfully from my laptop to the database server. The DB server is in the Windows default domain WORKGROUP.

Where are the syslogs to the firewall kept?

Cisco Employee

Re: JDBC and PIX

Hi,

Could you share the configs? You can change the IP addresses and remove the password lines.

Syslogs can be stored in the buffer or on a syslog server, or can be dumped on the console or telnet/terminal sessions.

Thanks

Nadeem

New Member

Re: JDBC and PIX

Nadeem's correct, we need the configs.

New Member

Re: JDBC and PIX

I prefer not to post the FW configs in an open forum. I can send via email though...

Cisco Employee

Re: JDBC and PIX

Hi,

Change the IP addresses and take out the passwords; that is all you have to do.

Thanks

Nadeem
